A responsible de-identification of the Real Data Corpus: building a framework for PII management
McCarrin, Michael R.
Denning, Dorothy E.
MetadataShow full item record
De-identification methods have helped government organizations provide the public with useful information—promoting transparency and accountability while also protecting the individual privacy of the data subjects. However, due to the recent massive increase in data collection and improved methods of analysis, de-identification has become a more difficult task. This work outlines challenges and discusses procedures for making a potentially sensitive data set available to extramural researchers and institutions without significant risk to human subject privacy. We provide a detailed explanation of personally identifiable information to help us understand what forms of personally identifiable information can cause the most harm. Furthermore, we discuss the legality and ethics behind working with personally identifiable information to illustrate the importance of protecting privacy. We then offer a taxonomy of threats, vulnerabilities, and impacts and describe how these determine risk. Based on this taxonomy, we develop a framework to assess risk on the Real Data Corpus, a collection of forensic disk images containing personally identifiable information. In addition, we analyze de-identification methods such as pseudonymization and anonymization, and consider re-identification risks. Finally, we apply our framework and methodology to a real-world scenario to determine the risk of data disclosure to an extramural researcher.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Kalaf, William M. (Monterey, California. Naval Postgraduate School, 2010-03);Since 9/11, Arizona and federal law enforcement agencies understand the need to improve subject identification capabilities and integrate criminal information across jurisdictions. Agencies still collect information based ...
Operation and Maintenance Support Information (OMSI) creation, management, and repurposing with XML Raymond, Scott P. (Monterey California. Naval Postgraduate School, 2004-09);New facility construction and existing facility renovation create new or modified operation and maintenance (O&M) requirements for the maintenance responsibility organization such as a Public Works Department (PWD). This ...
MOBILE DEVICE MANAGEMENT IN THE DoD ENTERPRISE NETWORK: FACTORS FOR RISK MANAGEMENT, INTEGRATION, AND IT ACQUISITION Pratt, Donald E., Jr.; Jones, Brian K. (Monterey, California. Naval Postgraduate School, 2013-03);The Office of the Department of Defense Chief Information Officer (DoD CIO) has developed a mobile device strategy that will require the DoD information technology (IT) system acquisition process to acquire a mobile device ...